The New State of Cybersecurity

Around the world, the words of David Koh, Chief Executive of Singapore’s Cyber Security Agency (CSA), ring true. With the pandemic speeding up the adoption of digital technologies by at least four years (McKinsey) and around 60% of global GDP now digitized (World Bank), the digital opportunity has never been more central to global economic recovery – or more vulnerable to bad actors.

In September 2022, following a fresh wave of cyberattacks that brought day-to-day government services to a halt, Albania became the first known country to sever diplomatic ties over foreign state-sponsored digital breaches. Just months earlier, a sustained ransomware attack on Costa Rica took down critical infrastructure across 27 public institutions, forcing a state of emergency.

From governments to tech giants, a long list of entities has been targeted by cyber criminals this year alone – and reinforced the need to develop stronger digital instincts.

A Global, Multi-Stakeholder Approach

The shared threat to personal, corporate and national security is one of the most urgent and debilitating threats to global peace, and could cost the world $10.5 trillion a year by 2025 (Cybersecurity Ventures).

So when more than 10,000 participants from 65 countries gathered at Singapore International Cyber Week (SICW) 2022, they were united under its theme, “Digital Security: A Shared Responsibility.” Against the challenging backdrop of geopolitical turmoil and evolving cyber threats, inclusive, international platforms for multi-stakeholder cooperation are key to building a resilient and interoperable cyberspace.

As Josephine Teo, Singapore’s Minister for Communications and Information, noted at the SICW Summit, “a safe and secure cyberspace is the foundation for a sustainable digital future. It allows us to trust the technologies that we use and gives us the confidence to continue on our digitalization journey.”

As Asia-Pacific’s most established cybersecurity event, SICW’s program and attendance sheet are uniquely global and cross-sectoral, and reflect Singapore’s belief that every link in the cybersecurity equation – whether governments, private enterprises, academia, non-governmental organizations or individuals – bears collective responsibility for our digital future.

“There are no borders in the digital domain,” Teo Chee Hean, Singapore’s Senior Minister and Coordinating Minister on National Security, noted in his opening address at SICW 2022. “This is why at the global level, we need international cooperation to build a robust framework that can safeguard cybersecurity and promote confidence and trust in cyberspace.”

Among the global leaders and ambassadors who spoke at SICW 2022 were Alejandro Mayorkas, the United States’ Secretary of the Department of Homeland Security; Izumi Nakamitsu, the United Nations’ Under-Secretary-General and High Representative for Disarmament Affairs; Lim Jock Hoi, ASEAN’s Secretary-General; Ursula Owusu-Ekuful, Wang Lei, Coordinator for Cyber Affairs of the Ministry of Foreign Affairs of China; and Tim Watts, Australia's Assistant Minister for Foreign Affairs.

Across key events including Ministerial Roundtables, the International IoT Security Roundtable, the ASEAN Ministerial Conference on Cybersecurity (AMCC), the SICW Summit, and open sessions spanning the scourge of ransomware and the future of international cyber discussions, SICW 2022 drew diverse representation from 65 countries across six continents, including the Czech Republic, Ghana, Indonesia, Mexico, New Zealand, the Netherlands and Ukraine.

From Norms to Implementation

Multistate participation is crucial in safeguarding systems that transcend national borders, like the SWIFT international payment network, air travel booking systems, and aviation and maritime traffic routing systems. A failure of any of these would create chaos on a global level – yet their protection and supervision are currently not governed by formal international processes.

To this end, SICW 2022 reaffirmed the role of the United Nations (UN) as a crucial platform for building a global cybersecurity architecture that protects critical systems, where both developed and developing countries will have a voice on cybersecurity and work collectively within a rules-based multilateral system.

SICW 2022 also probed the future of international cyber discussions and revealed a common perspective: that norms alone are not enough. At SICW Sessions: The Future of International Cyber Discussions, a panel session moderated by James Crabtree, Executive Director for the International Institute for Strategic Studies (Asia), ambassadors from Estonia, France, Singapore and the US agreed that future cybersecurity discussions will prioritize implementation. This medium-term shift from normative frameworks at the diplomatic level to legally binding frameworks that enforce responsible state behavior in cyberspace requires an unwavering foundation of diplomacy, together with strong operational capabilities.

While developing the “rules of the road” for a largely uncharted cyberspace is not straightforward, ASEAN, whose population of 660 million could add as much as $1 trillion to the region’s digital economy by 2030 (Google, Temasek, Bain & Company), has made a head start. At a regional level, SICW 2022’s AMCC has facilitated a major breakthrough by formally establishing the ASEAN Regional Computer Emergency Response Team (CERT), which will strengthen ASEAN’s cybersecurity posture and operational readiness in dealing with fast-moving cyber threats.

“The next step is to continue our good momentum to operationalize the ASEAN Regional CERT,” explained Minister Josephine Teo at the AMCC. “We envision the regional CERT to be a virtual center comprising analysts and incident responders from across ASEAN. For example, if a supply-chain attack were to occur in any of our countries, regional CERT analysts would rapidly share information from their own countries and jointly develop advisories when needed.”

Another area of focus is the Internet of Things (IoT), given its ubiquity. At SICW 2022's International IOT Security Roundtable, Dr. Janil Puthucheary, Singapore's Senior Minister of State, Ministry of Communications and Information, highlighted the importance of working together to identify the risks and threats in the IoT ecosystem and transform them into opportunities.

He added that the CSA's Cybersecurity Labeling Scheme, which rates smart devices according to their levels of cybersecurity, has gained international traction. At SICW 2022, Singapore announced its signing of a mutual recognition agreement with Germany to mutually recognize each other's IoT cybersecurity labels. A similar agreement was signed with Finland in 2021.

A Brighter Digital Future

Now in its seventh year, SICW has seen the rise of global interest – and institutional commitment – in tackling cyber challenges. In 2016, SICW’s organizer, the CSA of Singapore, was one of the few agencies dedicated to cybersecurity. Many more have been established since, and are now engaging in consensus-building and information-sharing at SICW 2022 and beyond – and taking up its very theme.

As Chief Executive David Koh rounded up, international cyber cooperation begins with awareness. “We need awareness: awareness of the threats of cyber in our daily lives, but more importantly, awareness that cyber is an enabler for the digital future. And I think the digital future can be bright if we can manage the risks.

I believe there’s a possibility to put aside our differences and build upon consensus for the collective good of our digital future.”